WRITE-UP CTF CNS STTB PLAYGROUND

Disusun Oleh

Ari Gunawan 17111019 2017

TEKNIK INFORMATIKA
SEKOLAH TINGGI TEKNOLOGI BANDUNG
2020
Table Of Contents

[Introduction] - Apa itu CTF ?

[Introduction] - Category Pada CTF?
[Introduction] - Apa Itu Cryptography?
[Introduction] - Apa itu Web?
[Introduction] - Apa itu Forensic?
[Introduction] - Apa itu Reverse?
[Introduction] – Apa itu Binary Exploitaiton?
[Encoding] - 2
[Encoding] - 10
[Encoding] - 8
[Encoding] - 16
[Encoding] - 64
[Encoding] - 32
[Encoding] - QR
[Encoding] - SPAM
[Encoding] - TheBase
[Encoding] - Basic, Just Decode This
[Encoding] - Apin Cipeng
[Encoding] – Secret by j5
[OSINT] - Welcome To OSINT
[OSINT] - OSINT V2
[Crypto] - Erbiji
[Crypto] - Crypto Hole
[Crypto] - Melida Angel
[Forensic] - Please
[Forensic] - Blind
[Forensic] - Berkomentar
[Forensic] - Penyegaran
[Forensic] - Corrupt
[Forensic] - Maple
[Misc] - Free Flag
[Misc] - Free Flag V2
[Misc] - Hyōka
[Misc] - Gratis!
1. [Introduction] - Apa itu CTF ?

In this challenge I only need to enter the flag code in the description.
Flag : CNS {w3lc0m3_t0_cTf_n3tsEC_Sttb}

2. [Introduction] - Category Pada CTF?

In this challenge I only need to enter the flag code in the description.
Flag : CNS{J3n1s_j3n1s_ctF_1nI_g4n}
3. [Introduction] – What is Cryptography?

In this challenge I have to change the flag in the description using the tool
https://cryptii.com/pipes/caesar-cipherby changing the cesarean cipher to 23 then the
results are as follows:

Then the flag will be changed from ciphertext to plaintext.

Flag : CNS{CaesaR_CiPher_foR_U}
4. [Introduction] – What is Web?

In this challenge, I look for flags that are hidden in the description by clicking View Hint,
then inspect the web page and look for the flag as shown below:

Flag : CNS{U_f0und_m3_0n_1nsp3ct_el3mEnt}
5. [Introduction] – What is Forensic?

In the challenge this time we have to find the flag that was inserted in an image that has
been provided then download, I use http://exif-viewer.com/ to view the inserted file, select
the file then click Show Exif then it will appear as follows:

The contents of the flag contained in the image will be listed as above.Flag :
CNS{3x1ft00l_r1Ght?}
6. [Introduction] – what is Reverse?

In the challenge this time we have to look for hidden flags that are inserted in a file that has
been provided, click View Hint then download, I use Notepad to see the files that are
inserted, then it will appear as follows:

Flag : CNS{m@nt4p_K4u_m4m4ng_h3nDr1k}
7. [Introduction] – Apa itu Binary Exploitaiton?

At the challenge this time I was given the problem of binary exploits and looking for code
that is not from binary language, there is a clue in the description that is a random character,
letter and number.
Then I use netcat because on clues such as ip and port then I use the netcat tools obtained at
https://chrome.google.com/webstore/detail/netcat/nllngonbmjjafbaalbkmopdbbeonoojo/relate
d?hl=en so it will look like this:

Enter the ip and port then stay connected, the flag will look like this:
 And the available flags CNS{h33lc0me_t0_3z_Pwn_h3h3h3}

8. [Encoding] – 2

In this challenge i have to look for hidden flags by changing the binary numbers provided
by using the https://www.rapidtables.com/convert/number/binary-to-ascii.html tool, so it
will look like this:
 And the available flags are CNS{b1n4ry_t0_t3xt}

9. [Encoding] - 10

In this challenge we have to look for hidden flags by changing the decimal numbers provided
by using the https://www.rapidtables.com/convert/number/ascii-hex-bin-dec-
converter.html tool, so it will look like this:
 And the available flags are CNS{d3c1m4L_t0_t3xt}

10. [Encoding] - 8

In this challenge we have to find the hidden flag by changing the octal number provided by
using the https://onlineasciitools.com/convert-octal-to-asciitool, so it will look like this :
 And the available flags are CNS{0ct4l_t0_t3xt}

11. [Encoding] - 16

In this challenge we have to look for hidden flags by changing the hex numbers provided
by using the tool https://www.rapidtables.com/convert/number/hex-to-ascii.html , so it
will look like this:
 Then the available flag is CNS{h3x4_d3c1m4L_t0_t3xt}

12. [Encoding] – 64

In this challenge we have to look for hidden flags by changing the base64 series provided
by using the https://www.base64decode.org/tool, so it will look like this :
 And the available flags are CNS{ba5e64_t0_t3xt}

13. [Encoding] – 32

In this challenge we have to look for hidden flags by changing the base32 sequence provided
by using the https://emn178.github.io/online-tools/base32_decode.html tool, so it will look
like this:
 And the available flags are CNS{ba5e32_t0_t3xt}

14. [Encoding] – QR

In the challenge this time we have to find the flag that was inserted in an image that has
been provided then download, I use https://online-barcode-reader.inliteresearch.com/ to view
the inserted file, select the file then click read then it will appear as following:
 and the available flags are CNS{Sc4n_C0d3}

15. [Encoding] – SPAM

In this challenge we have to find the flag that was inserted in a .txt file that has been provided
and then downloaded, I use http://www.spammimic.com/decode.cgi, to view the inserted file,
select the file then copy and paste it then Click Decode then it will appear as follows:
and the available flags are CNS{Sp4m_M1m1c}

16. [Encoding] – TheBase

According to the title of The Base, this might challenge part of Base, but the string doesn't
look like base32 or base64. This is the string "Lo <:) uCSF2 # @ _ @ DYAJXENkFNFW".
from the description we get 1991 instructions, so I assume that base91. Then I decipher the
password by using the https://www.better-converter.com/Encoders-Decoders/Base91-
Decode, copy the code provided in the description to the tool and it will produce the
following:
 And the available flags are CNS{B4s3_91_D3c0d3Rr}
17. [Encoding] - Basic, Just Decode This

These are challenges such as binary, decimal, octal and hexa, and some of them will
produce several strings and we can get flags, so just describe them with the same tools
as those used for the numbers, so the result is
Part 1 : CNS{B1n4ry_
Part 2 : 0ctal_
Part 3 : D3c1m4L_
Part 4 : h3x4_Ez_3h?}
When put together will be CNS{B1n4ry_0ctal_D3c1m4L_h3x4_Ez_3h?}
18. [Encoding] - Apin Cipeng

At this time there was a flag that had to be deciphered and I assumed that it was an
affine cipher because there was a clue showing the numbers 11 and 12. So I used a tool
https://cryptii.com/pipes/caesar-cipher to translate it with the following
display :

and the flag obtained is CNS{d0_y0u_n0tic3_m3!}

19. [Encoding] – Secret by j5

In this challenge we have to find the flag that was inserted in a .txt file that has been
provided and then downloaded, I use https://enkhee-osiris.github.io/Decoder-JSFuck/ to
view the inserted file, select the file then copy and paste it then Click Decode then it
will appear as follows:

and the flag obtained is CNS{th15_i5_jSfuCk_br0th3r!!!}

20. [OSINT] - Welcome To OSINT

After I searched the telegram group there was an account called Hightech and in the
personal info there was a flag and then added CNS {}, the available flag was
Flag : CNS{ h3llc0m3_t0_0s1nt}
21. [OSINT] - OSINT V2

Just like the previous osint challenge, the flag was hidden in one of the social media
accounts, according to the username description encrypted with some popular
encryption techniques, I assume that this technique is caesarean encryption, but the
problem is which user name is encrypted, so I try to check one one by one all the
members in the telegram group and find the account named below:

Then the username is encrypted with key 13, the result will be like this:

And the flag will be available in the following Twitter account:

 Flag : CNS{0s1nT_v2_e4zY_l1k3_sUnD4y_m0rn1n6_r1gHt?}

22. [Misc] - Free Flag

In this challenge, I only immediately entered the code that will appear when the
description box is blocked, so the available flag is CNS{w3lc0m3_L33T!}
23. [Misc] - Free Flag V2

In this challenge, I only inspect the description and then look for the available columns
and flags CNS{s4m3_eN3rgY_m4g1c_p4r4gRaPh}

24. [Misc] - Hyōka

In this challenge I asserted that the picture is a clue, so I reasoned with what was done
the picture that what he did was dig and translate it into English then the results dig then
search on Google and get the website https://toolbox.googleapps.com/apps/dig/#ANY/
then enter "ctf.netsec-sttbandung.id" and the results found are as follows:
 And the available flags are CNS{g4L1_t3r0s_Hy0k4}
25. [Misc] - Gratis!

Pada flag ini tinggal memasuka flag secara langsung karena sudah tersedia di dalam
deskripsi yaitu CNS{gRaT1s_bUaT_k4Mu_<3}
26. [Forensic] - Please

At the challenge this, first time I have to download the .png file that has been
distinguished in the description, then I open the tool https://hexed.it/ to help see the
flags inserted in the file, the results are as follows:

And the available flags are CNS{pL3a5e_th1s_ch4Ll_t00_e4zy}

27. [Forensic] – Blind

In this challenge I have to download the file that has been prepared in the description
then open it and try to block the page using Ctrl + A and the results are as follows :

And the available flags are CNS{w3lc0m3_t0_f0r3nSiCs_ch4lL}

28. [Forensic] - Berkomentar

At the challenge this, first time I have to download the .png file that has been
distinguished in the description, then I open the tool https://hexed.it/to help see the flags
inserted in the file, the results are as follows:

And the available flags are CNS{em1li4_w1lL_pr0t3cT_y0u}

29. [Forensic] – Penyegaran

At the challenge this, first time I have to download the .png file that has been
distinguished in the description, then I open the tool
https://stylesuxx.github.io/steganography/ to help see the flags inserted in the file, the
results are as follows:

And the available flags are CNS{n0_w4iFu_n0_l4iFu}

30. [Forensic] – Corrupt

At the challenge this, first time i have to download the .png corrupt data file that has
been distinguished in the description, then I open the tool https://hexed.it/ to open it and
help see the flags inserted in the file, the results are as follows:

In this step I block the string data then right-click to export the hexed.id url, then copy
the data to translate it in https://cryptii.com/pipes/reverse-text the results are as follows:
then copy back the data that has become text form to paste into a file in the second
image, then change it to hexadecimal values and apply, it will look like the following :

Then the next step is that we only need to save the changed data by re-exporting it and
it will be saved automatically, then the appearance when the image is opened will be as
follows :
 And the available flags are CNS{wh00_it’S_c00l_r1ght?}

31. [Forensic] – Maple

At the challenge this, first time I have to download the .png file that has been
distinguished in the description, then I open the tool https://sourceforge.net/projects/diit/
to help see the flags inserted in the file and enter the message in the description into a
.txt file, the results are as follows:
 And the available flags are
CNS{m4pl3_ch4n_l0l1_mu5t_pr0t3cccccccccccc_l0l11ku}

32. [Crypto] – Erbiji

In this challenges we are given a txt file, which contains like the value of rgb. The hint
is given clue that, this challenge is crypto which is encrypted using Esolang language.
So i search about esolang, on this site https://esolangs.org/wiki/Brainloller so after read
about Brainloller, the file erjibi.txt looks like brainloller value, so we can translate to brainfuck
notation and i got this :
++++[++++>---<]>.+++++++++++.+++++.-[-->+++<]>.+[-->+<]>++++.---[----->+<]>-.[-->+<]>-----.[-
>++<]>+.+++++.-[->+++<]>-.[++>-------<]>.-[->+++++<]>-.--[--->+<]>.-[-->+<]>----.-[----->+<]>--.--
-----.-[--->+<]>-...>--[-->+++<]>.
And after we get this notation, we should to dcode. Using this tools
https://www.dcode.fr/brainfuck-language to help see the flags inserted in the file, the
results are as follows:

And the flag obtained is CNS{Br4inFuCk1ng!!!}